An XMPP CLI environment with ejabberd & profanity

20.02.2017

Over the past week I spent some time investigating and learning how to set up an XMPP [1] (or “Jabber”) environment for secure messaging from the command line. Word on the street was that it would be a pain and frustrating, and partly I have to agree, but given that one is working with a more or less recent and commonly used system, the frustration is manageable :)

Prerequisite

an FQDN [2] (my.fqdn in this tutorial), so we don’t have to mess around with IP addresses (optional)

Server-side with ejabberd

For the server side I used ejabberd [3], mainly because it is widely used, open source and used by the Jabber foundation [4]. Installing ejabberd is pretty straightforward and requires close to no configuration at all.

The latter sets up ejabberd with a pretty solid default configuration. Make sure to use your FQDN during installation and to select a strong password for the admin account. Now we should set up two users to test whether the server works as expected. ejabberd provides a powerful CLI, ejabberdctl, that can be used to configure the server while it is running; it typically has to be run as root or as the ejabberd user.
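The user setup described above, as an added example that is not part of the original post: a small POSIX sh script that creates the two test accounts with ejabberdctl and checks that the server accepts them. The host name my.fqdn, the user names alice and bob and the placeholder passwords are assumptions; the ejabberdctl subcommands used (status, register, registered_users, check_password) are the standard ones. DRY_RUN=1 prints the commands instead of executing them, which is useful on a machine without ejabberd.

```shell
#!/bin/sh
# Added example (not from the original post): create and verify two test
# accounts on an ejabberd host. Placeholders: host my.fqdn, users alice/bob
# and the CHANGE-ME passwords. EJABBERDCTL may point at a non-default path;
# ejabberdctl itself usually has to run as root or as the ejabberd user.

EJABBERDCTL="${EJABBERDCTL:-ejabberdctl}"
DRY_RUN="${DRY_RUN:-0}"

# Run an ejabberdctl command, or with DRY_RUN=1 only print it.
ejctl() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s %s\n' "$EJABBERDCTL" "$*"
    else
        "$EJABBERDCTL" "$@"
    fi
}

# Accept only plain JID node names (letters, digits, '.', '_', '-'), so a
# typo with a stray '@' or whitespace does not end up as an odd account.
valid_node() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# register_user NODE HOST PASSWORD
register_user() {
    valid_node "$1" || { echo "invalid user name: $1" >&2; return 2; }
    ejctl register "$1" "$2" "$3"
}

# Create alice and bob on HOST, list the registered users and confirm that
# alice's password is accepted. check_password exits non-zero on a wrong
# password, so this verifies the account before any client is involved.
setup_test_users() {
    host="$1"
    ejctl status || return 1
    register_user alice "$host" 'CHANGE-ME-alice' || return 1
    register_user bob "$host" 'CHANGE-ME-bob' || return 1
    ejctl registered_users "$host" || return 1
    ejctl check_password alice "$host" 'CHANGE-ME-alice'
}

# Usage:  DRY_RUN=1 sh setup_users.sh my.fqdn   (print the commands)
#         sudo sh setup_users.sh my.fqdn        (run them)
if [ $# -ge 1 ]; then
    setup_test_users "$1"
fi
```

Change the placeholder passwords before running this for real; the register subcommand takes the password on the command line, so on a shared host prefer reading it from a prompt or a file rather than leaving it in shell history.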

The same process needs to be repeated from Bob to Alice; afterwards both parties will see an indication like this in the title bar. The [trusted] marker only appears once the contact’s OTR fingerprint has been verified; until then profanity shows [untrusted], and the session should be treated as unauthenticated.

$ bob@my.fqdn/profanity [online] [OTR] [trusted]

PGP encryption

Well… every time I got in contact with PGP it ended up with headaches and hours of frustration, not even speaking of the fundamental issues with PGP [9]. That applies to PGP in profanity as well. Profanity uses a preinstalled GnuPG [10] agent and libgpgme [11] to access private and public keys through the agent. As of today you would receive profanity 0.4.7 with libgpgme 1.6.0 from the package sources when installing profanity on the system described below.

Long story short: I never managed to set up PGP for profanity consistently. I somehow managed to access the keys temporarily by working with newer GnuPG versions and a profanity built from source, but nothing to base a tutorial on. The whole story is documented in a GitHub issue [11], involving other developers failing similarly, and might or might not be solved in the future.

Conclusion

With a recent Linux-based distribution, it turned out to be quite simple to set up XMPP-based communication on the command line, including encryption. I would highly recommend going for OTR encryption, since it is not only easier to set up but also provides forward secrecy and is supported by most clients, including non-Linux ones. Keep in mind that OTR only works while both parties are online and does not cover multiple devices per account; an interesting project for further investigation that addresses exactly this is OMEMO encryption [12] by Daniel Gultsch [13], besides further hardening of the involved systems [14].

References and further reading

Special thanks to bascht for helping me out with debugging the PGP issues.